The power to fine firms that amount has been handed to the Information Commissioner's Office as part of the UK government complying with a European Directive, which seeks to protect citizens from certain marketing methods.
The ability to fine firms will come into force on 25 May as part of the UK's Privacy and Electronic Communications Regulations (PECR).
As part of the new ICO policing regime, telecoms companies and ISPs will be required to notify the ICO and their customers in certain circumstances when a personal data breach occurs.
Information Commissioner Christopher Graham said: "The changes to the regulations will grant us the right to impose significant monetary penalties for the most serious breaches of the rules, and give us improved powers to investigate companies that make nuisance marketing calls."
Companies struggling to comply with the new rules before the implementation deadline of 25 May have been granted a short-term amnesty because of the complexities involved.
It has been reported that the marketing industry could adopt a "universal icon" for behavioural advertising. When clicked it could take the user to a page containing more information, which could also give them the ability to opt out of being targeted across complying sites.
The ICO already has the power to fine firms up to £500,000 for serious personal data breaches.